From bug 562013 comment 29:
> Is this script disabling and re-enabling for <script> elements or also for
> something else?
As far as I know, it's just for <script> elements. The change to scriptloader was made in bug 299231. The change to do something for scripts at all was bug 116834.
So if the HTML5 parser guarantees that the <script>s from inside innerHTML won't run, this code can go away.

We do want to make sure that those <script>s get their mIsEvaluated flag set though. Otherwise these scripts could run unexpectedly if their parent is moved around in the DOM.
Not sure how that affects things?

Created attachment 526707[details][diff][review]
Part 3: Make XML script execution prevention work for real
Bug 650501 was accidentally making the mochitest here pass, which is why I didn't notice that the fix in part 2 was incomplete. Here's an addendum that makes the fix actually work.